Description
Description
SAIC is searching for a Cybersecurity Ops Analyst to join our team supporting the JEXC2 Program, based in Panama City, FL.
We are seeking a skilled and detail-oriented Information Systems Security Officer (ISSO) to manage and execute the Risk Management Framework (RMF) process for our systems. The successful candidate will conduct risk assessments, define security requirements, assist with system registration and ATO attainment, and ensure ongoing compliance through vulnerability management, security control testing, and continuous monitoring activities. This position requires a strong understanding of cybersecurity principles, experience with RMF tools like eMASS and ACAS, and the ability to effectively collaborate with system engineers, administrators, and stakeholders to maintain a robust security posture.
Responsibilities:
- Conduct System Level Risk Assessments
- Define Security and Privacy Requirements
- Initial system categorization; information type and overlay tailoring/ implementation
- Assist with documentation of the characteristics of the system (HW/SW list, diagram, PPSM, system description and CONOPs)
- Develop SLCM (Software Life Cycle Management) plan
- Perform control and assessment procedure testing and upload to eMASS
- Assist with Security Assessment Plan (SAP) development
- Review system configuration checklist (STIGs & SRGs) to ensure implementation of security measures
- Review vulnerability scans for simple remediations and manage remediation and rescanning
- Utilize organization RMF tools such as ACAS, eMASSter, Evaluate-STIG, STIG Viewer, eMASS, and STIGMAN
- Coordinate with system engineers and admins to address discrepancies
- Create the POA&M, and write mitigation and impact statements as required
- Start and manage RMF workflows in eMASS and address any findings from reviewers
- Perform annual security reviews (ASRs)
- Review vulnerability scans at least monthly to ensure patch effectiveness and routine maintenance is being performed
- Review DADMS MAP tab weekly to ensure system software list is up to date
- Provide status updates as requested on current RMF efforts and schedules to include any issues that may impact timelines
- Interface and integrate with system stakeholders to ensure cyber posture aligns with overall program goals and requirements
Qualifications
Qualifications:
- Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or a related field.
- 2+ years of experience in cybersecurity, information assurance, or systems security roles.
- Proven experience applying the Risk Management Framework (RMF) to information systems.
- Hands-on experience with vulnerability scanning and remediation processes.
- DoD 8570 IAT Level II (e.g., Security+, GSEC, SSCP, CCNA Security) OR CompTIA Security+ or equivalent commercial certification.
- Strong understanding of the Risk Management Framework (RMF) and NIST publications (e.g., NIST 800-37, NIST 800-53).
- Experience with security control selection, implementation, and assessment.
- Familiarity with DISA STIGs (Security Technical Implementation Guides) and SRGs (Security Requirements Guides).
- Experience with vulnerability scanning tools (e.g., ACAS/Nessus) and eMASS (Enterprise Mission Assurance Support Service).
- Ability to document system characteristics and security controls effectively.
- Strong analytical and problem-solving skills.
- Excellent communication and interpersonal skills.
- Active Secret clearance and ability to obtain Top Secret clearance.
Apply on company website
Find Connections via Linkedin
